No, it doesn't graft. And it produces the same "version" of glibc, but with a patch applied for CVE-2015-7547.
Well, you would make sure you cherry-pick the right hash. I can't confirm that from my phone. -------- Original Message -------- From: Jookia <166...@gmail.com> Sent: February 17, 2016 11:28:33 AM EST To: Leo Famulari <l...@famulari.name> Cc: guix-devel@gnu.org Subject: Re: glibc update On Wed, Feb 17, 2016 at 11:14:19AM -0500, Leo Famulari wrote: > I tried this. The resulting process downloaded the bootstrap binaries > and appeared to rebuild *everything*. I haven't had time to figure out > what actually got rebuilt and if anything is still using the vulnerable > glibc. This doesn't graft does it? It'd just bump glibc's version.
